From ffedf769a0f31a9bb2f52c8b3270e37da5c088b6 Mon Sep 17 00:00:00 2001
From: Emma Thorpe
Date: Tue, 16 Jun 2026 11:21:51 +0100
Subject: [PATCH] fix(shell.nix): let gh own its config.yml so auth login works

home-manager renders ~/.config/gh/config.yml as a read-only /nix/store symlink whenever programs.gh is enabled (unconditionally, not gated on settings). gh rewrites that file on 'gh auth login' and 'gh config set', which then fail with a permission error. Suppress the managed config.yml via xdg.configFile and drop the settings.git_protocol declaration that created it; gh now owns the file. The token lives in hosts.yml, which home-manager never manages. Set the SSH protocol at runtime with 'gh config set git_protocol ssh'.
---
 lyrathorpe/home/shell.nix | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

diff --git a/lyrathorpe/home/shell.nix b/lyrathorpe/home/shell.nix
index cfb2d32..6d363b6 100644
--- a/lyrathorpe/home/shell.nix
+++ b/lyrathorpe/home/shell.nix
@@ -203,12 +203,15 @@ in
 flake = "$HOME/code/nixfiles";
 };

- # GitHub CLI. Prefer SSH for any git operations it drives, matching the
- # ssh-based remotes used elsewhere.
- programs.gh = {
- enable = true;
- settings.git_protocol = "ssh";
- };
+ # GitHub CLI. `programs.gh.settings` is deliberately unset: home-manager renders
+ # ~/.config/gh/config.yml as a read-only /nix/store symlink whenever the module
+ # is enabled, but gh must rewrite that file on `gh auth login` and `gh config
+ # set`, which then fail with a permission error. Suppress the managed config.yml
+ # (below) and let gh own it. The token lives in hosts.yml, which is never
+ # Nix-managed. Set the SSH protocol once at runtime: `gh config set git_protocol
+ # ssh` (it can't be declarative here without recreating the immutable file).
+ programs.gh.enable = true;
+ xdg.configFile."gh/config.yml".enable = lib.mkForce false;

 programs.tmux = {
 enable = true;
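Review bot: The new comment above `programs.gh.enable = true;` says the token lives in hosts.yml without saying that gh only writes it there, in plaintext, when it cannot use the system credential store or is run with `--insecure-storage`. Since this change makes ~/.config/gh fully gh-owned mutable state, the comment should record that, for example `# hosts.yml holds the token in plaintext when no keyring is available; keep ~/.config/gh out of backups and dotfile syncs.` The SSH protocol is also per-machine state now, so a freshly bootstrapped host stays on gh's default protocol until `gh config set git_protocol ssh` is run by hand. That step belongs in the bootstrap notes, or in an idempotent activation step that runs only when config.yml is absent. The hunk also relies on `lib` being in scope for `lib.mkForce`, which cannot be confirmed here because the enclosing attribute set starts and ends outside the hunk.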